IT Execs Prioritize Concerns

Results of a recent survey reveal six areas of priority for CIOs and their organizations: information security and privacy, virtualization and cloud computing, social media integration, data classification and management, regulatory compliance, and vendor management.

Protiviti, a global consulting firm, identified top areas of concern for IT leaders—7 percent of respondents represented the insurance industry—based on competencies they cited as most in need of improvement in its “Information Technology Capabilities and Needs Survey.”

More than 200 IT professionals—including CIOs, CTOs, chief security officers and IT VPs, directors and managers—were asked to assess their skills and professional development priorities through questions covering three major categories: technical knowledge, process capabilities and organizational capabilities. After analyzing the responses, Protiviti concluded that virtualization and social media integration clearly stand out as the top areas in need of improvement in terms of technical knowledge. And related competencies such as cloud computing and social media security are also top “Need to Improve” areas for IT departments.

Specific concerns identified in the report include:

Some firms have vague or out-of-date social media policies in place that are unenforceable if inappropriate activity occurs.

The volume and pace of regulatory change has been significant in recent years, and there are a number of regulatory issues that require IT involvement, including Dodd-Frank, Sarbanes-Oxley, Basel II, Solvency II and PCI-DSS. "IT must be an active part of compliance management, which typically involves developing, implementing or integrating tools and platforms to achieve active compliance and risk management," said Kurt Underwood, managing director and head of Protiviti's IT consulting practice.

For every law and regulatory requirement, the company must also ask: What portion of my data does this affect? How do I classify and manage this data in accordance with the law? It also is important to note that, as a byproduct of the proliferation of new and emerging technologies, there are rapidly growing volumes of data being generated daily. By ranking, managing and classifying this data as a top "Need to Improve" competency, respondents may be saying they and their organizations are having difficulty understanding the increasingly complex regulatory landscape and how to comply with various new laws.

With more and more organizations transitioning to virtualized solutions as well as applications and activities in the cloud, external service-level agreements (SLAs) with an array of third-party vendors and other providers are a key concern for IT executives. Similarly, determining a sound strategy and approach for outsourcing and off shoring are another critical area of focus, particularly given that many companies continue to seek innovative ways to save costs. However, many of these organizations lack clarity or direction about how to accomplish this effectively while continuing to deliver a high level of service and maintain compliance with company policies, applicable laws and regulations.

Because data breaches are costly and affect not just operations but also brand reputation, information security is another top priority for IT executives. Key considerations for leaders to consider are: How robust are our information security measures? Is our organization in compliance with industry standards for security and privacy as well as applicable laws and regulations, and do we have efficient systems and processes for tracking compliance?

For reprint and licensing requests for this article, click here.
Analytics Security risk Core systems Policy adminstration Data and information management Compliance
MORE FROM DIGITAL INSURANCE